package com.ciaojian.store.config;

import com.ciaojian.core.mapper.AdminMapper;
import com.ciaojian.core.model.Admin;
import com.ciaojian.core.model.RolePermission;
import com.ciaojian.core.util.JwtUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.util.LinkedHashSet;
import java.util.Set;

/**
 * @Description: 用户认证和授权
 * @Author: xiangchao
 * @Date: 2020/7/15 12:25 上午
 */
@Slf4j
@Component
public class ShiroRealm extends AuthorizingRealm {
    @Resource
    private AdminMapper adminMapper;

    /**
     * 授权 用户第一次登录成功，请求接口的时候开始授权
     *
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("开始执行授权操作.......");
        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = attributes.getRequest();
        String authorization = request.getHeader("Authorization");
        String username = JwtUtil.getUsername(authorization);
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        Long userId = adminMapper.getUserIdByUsername(username);
        Set<RolePermission> permissionData = adminMapper.findByUserId(userId);
        Set<String> roles = new LinkedHashSet<>();
        Set<String> permissions = new LinkedHashSet<>();
        for (RolePermission data : permissionData) {
            roles.add(data.getRoleCode());
            permissions.add(data.getPermission());
        }
        authorizationInfo.setRoles(roles);
        authorizationInfo.setStringPermissions(permissions);
        return authorizationInfo;
    }

    /**
     * 登录认证
     *
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        log.info("开始进行身份认证......");
        String username = (String) authenticationToken.getPrincipal();
        Admin user = adminMapper.findByAccount(username);
        if (user == null) {
            throw new AuthenticationException("账号不存在");
        }
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}
